The objectives of these slides are:
- To describe the services an operating system provides to users, processes, and other systems
- To discuss the various ways of structuring an operating system
- To explain how operating systems are installed and customized and how they boot
Operating System definitions and about system calls
Operating System Services
User and Operating System-Interface
System Calls
Types of system calls
System Programs
operating system calls input and output by (rohit malav)Rohit malav
Introduction of System Call
In computing, a system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on. A system call is a way for programs to interact with the operating system. A computer program makes a system call when it makes a request to the operating system’s kernel. System call provides the services of the operating system to the user programs via Application Program Interface(API). It provides an interface between a process and operating system to allow user-level processes to request services of the operating system. System calls are the only entry points into the kernel system. All programs needing resources must use system calls.
Services Provided by System Calls :
Process creation and management
Main memory management
File Access, Directory and File system management
Device handling(I/O)
Protection
Networking, etc.
The objectives of these slides are:
- To describe the services an operating system provides to users, processes, and other systems
- To discuss the various ways of structuring an operating system
- To explain how operating systems are installed and customized and how they boot
Operating System definitions and about system calls
Operating System Services
User and Operating System-Interface
System Calls
Types of system calls
System Programs
operating system calls input and output by (rohit malav)Rohit malav
Introduction of System Call
In computing, a system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on. A system call is a way for programs to interact with the operating system. A computer program makes a system call when it makes a request to the operating system’s kernel. System call provides the services of the operating system to the user programs via Application Program Interface(API). It provides an interface between a process and operating system to allow user-level processes to request services of the operating system. System calls are the only entry points into the kernel system. All programs needing resources must use system calls.
Services Provided by System Calls :
Process creation and management
Main memory management
File Access, Directory and File system management
Device handling(I/O)
Protection
Networking, etc.
In recent years the amount of vulnerabilities and also the amount of systems, installations or containers a single sysadmin has to oversee has
grown beyond any human capable measures.
The best help here is more automation in various places, which needs to
be driven by automation consumable data.
We will look at two primary areas, the automation data provided by SUSE
for security fixes and also very fresh the inventory data, or "Software
Bill of Materials (SBOM)".
The talk will go over various formats, what SUSE offers and their
purposes and also give some future look out on more improved or even
more automation data formats.
CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_F16.shtml
Ch 8: Desktop and Server OS VulnerabilitesSam Bowne
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
2008-10-15 Red Hat Deep Dive Sessions: SELinuxShawn Wells
Presented at IBM z/Expo 2008, Session ID zLS01. Talks through what SELinux is, introduces principal concepts of Type Enforcement, SELinux policies, and user/admin perspectives of managing a system with SELinux enabled.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
In recent years the amount of vulnerabilities and also the amount of systems, installations or containers a single sysadmin has to oversee has
grown beyond any human capable measures.
The best help here is more automation in various places, which needs to
be driven by automation consumable data.
We will look at two primary areas, the automation data provided by SUSE
for security fixes and also very fresh the inventory data, or "Software
Bill of Materials (SBOM)".
The talk will go over various formats, what SUSE offers and their
purposes and also give some future look out on more improved or even
more automation data formats.
CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_F16.shtml
Ch 8: Desktop and Server OS VulnerabilitesSam Bowne
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
2008-10-15 Red Hat Deep Dive Sessions: SELinuxShawn Wells
Presented at IBM z/Expo 2008, Session ID zLS01. Talks through what SELinux is, introduces principal concepts of Type Enforcement, SELinux policies, and user/admin perspectives of managing a system with SELinux enabled.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
1. Protection and Security
CS-502 Fall 2007 1
Protection and Security
CS-502 Operating Systems
Fall 2007
(Slides include materials from Operating System Concepts, 7th ed., by Silbershatz, Galvin, & Gagne and
from Modern Operating Systems, 2nd ed., by Tanenbaum)
2. Protection and Security
CS-502 Fall 2007 2
Concepts
• Protection:
• Mechanisms and policy to keep programs and users
from accessing or changing stuff they should not do
• Internal to OS
• Chapter 14 in Silbershatz
• Security:
• Issues external to OS
• Authentication of user, validation of messages,
malicious or accidental introduction of flaws, etc.
• Chapter 15 of Silbershatz
3. Protection and Security
CS-502 Fall 2007 3
Outline
• Part 1
• The first computer virus
• Protection mechanisms
• Part 2
• Security issues
• Some cryptographic themes
4. Protection and Security
CS-502 Fall 2007 4
The First Computer Virus
• Reading assignment:–
Ken Thompson, “Reflections on Trusting Trust,”
Communications of ACM, vol.27, #8, August
1984, pp. 761-763 (pdf)
• Three steps
1. Program that prints a copy of itself
2. Training a compiler to understand a constant
3. Embedding a Trojan Horse without a trace
5. Protection and Security
CS-502 Fall 2007 5
Step 1 – Program to print copy of itself
• How do we do this?
• First, store character array representing text of
program
• Body of program
• Print declaration of character array
• Loop through array, printing each character
• Print entry array as a string
• Result: general method for program to reproduce
itself to any destination!
6. Protection and Security
CS-502 Fall 2007 6
Step 2 – Teaching constant values to compiler
/* reading string constants */
if (s[i++] == '')
if (s[i] == 'n') insert ('n');
elseif (s[i] == 'v') insert ('v');
elseif …
• Question: How does compiler know what integer
values to insert for 'n‘, 'v‘, etc.?
7. Protection and Security
CS-502 Fall 2007 7
Step 2 (continued)
• Answer: In the first compiler for this machine
type, insert the actual character code
• i.e., 11 (decimal) for ‘v’, etc.
/* reading string constants */
if (s[i++] == '')
if (s[i] == 'n') insert ('n');
elseif (s[i] == 'v') insert (11);
elseif …
• Next: Use the first compiler to compile itself!
8. Protection and Security
CS-502 Fall 2007 8
Step 2 (continued)
• Result: a compiler that “knows” how to interpret
the sequence “v”
• And all compilers derived from this one, forever after!
• Finally: replace the value “11” in the source code
of the compiler with ‘v’ and compile itself again
• Note: no trace of values of special characters in …
– The C Programming Language book
– source code of C compiler
• I.e., special character values are self-reproducing
9. Protection and Security
CS-502 Fall 2007 9
Step 3 – Inserting a Trojan Horse
• In compiler source, add the text
if (match(sourceString, pattern)
insert the Trojan Horse code
where “pattern” is the login code (for example)
• In compiler source, add additional text
if (match(sourceString, pattern2)
insert the self-reproducing code
where “pattern2” is a part of the compiler itself
• Use this compiler to recompile itself, then
remove source
10. Protection and Security
CS-502 Fall 2007 10
Step 3 – Concluded
• Result: an infected compiler that will
a. Insert a Trojan Horse in the login code of any Unix
system
b. Propagate itself to all future compilers
c. Leave no trace of Trojan Horse in its source code
• Like a biological virus:
– A small bundle of code that uses the compiler’s own
reproductive mechanism to propagate itself
12. Protection and Security
CS-502 Fall 2007 12
Goals of Protection
• Operating system consists of a collection of
objects (hardware or software)
• Each object has a unique name and can be
accessed through a well-defined set of operations.
• Protection problem – to ensure that each object is
accessed correctly and only by those processes
that are allowed to do so.
13. Protection and Security
CS-502 Fall 2007 13
Guiding Principles of Protection
• Principle of least privilege
– Programs, users and systems should be given
just enough privileges to perform their tasks
• Separate policy from mechanism
– Mechanism: the stuff built into the OS to make
protection work
– Policy: the data that says who can do what to
whom
14. Protection and Security
CS-502 Fall 2007 14
Domain Structure
• Access-right = <object-name, rights-set>
where rights-set is a subset of all valid operations
that can be performed on the object.
• Domain = set of access-rights
15. Protection and Security
CS-502 Fall 2007 15
Conceptual Representation – Access Matrix
• View protection as a matrix (access matrix)
• Rows represent domains
• Columns represent objects
• Access(i, j) is set of operations that process
executing in Domaini can invoke on Objectj
16. Protection and Security
CS-502 Fall 2007 16
Textbook Access Matrix
• Columns are access control lists (ACLs)
• Associated with each object
• Rows are capabilities
• Associated with each user, group, or domain
17. Protection and Security
CS-502 Fall 2007 17
Unix & Linux
• System comprises many domains:–
– Each user
– Each group
– Kernel/System
• (Windows has even more domains than
this!)
18. Protection and Security
CS-502 Fall 2007 18
Unix/Linux Matrix
file1 file 2 file 3 device domain
User/Domain 1 r rx rwx – enter
User/Domain 2 r x rx rwx –
User/Domain 3 rw – – – –
…
• Columns are access control lists (ACLs)
• Associated with each object
• Rows are capabilities
• Associated with each user or each domain
19. Protection and Security
CS-502 Fall 2007 19
Changing Domains (Unix)
• Domain = uid or gid
• Domain switch via file access controls
– Each file has associated with it a domain bit (setuid bit).
• rwS instead of rwx
– When executed with setuid = on, then uid or gid is
temporarily set to owner or group of file.
– When execution completes uid or gid is reset.
• Separate mechanism for entering kernel domain
– System call interface
20. Protection and Security
CS-502 Fall 2007 20
General (textbook) representation
• Domains as objects added to Access Matrix
21. Protection and Security
CS-502 Fall 2007 21
Practicalities
• At run-time…
– What does the OS know about the user?
– What does the OS know about the resources?
• What is the cost of checking and enforcing?
– Access to the data
– Cost of searching for a match
• Impractical to implement full Access Matrix
– Size
– Access controls disjoint from both objects and domains
22. Protection and Security
CS-502 Fall 2007 22
ACLs vs. Capabilities
• Access Control List: Focus on resources
– Good if resources greatly outnumber users
– Can be implemented with minimal caching
– Can be attached to objects (e.g., file metadata)
– Good when the user who creates a resource has
authority over it
• Capability System: Focus on users
– Good if users greatly outnumber resources
– Lots of information caching is needed
– Good when a system manager has control over all
resources
23. Protection and Security
CS-502 Fall 2007 23
Both are needed
• ACLs for files and other proliferating resources
• Capabilities for major system functions
• The common OSs offer BOTH
– Linux emphasizes an ACL model
• provides good control over files and resources that are file-like
– Windows 2000/XP emphasize Capabilities
• provides good control over access to system functions (e.g.
creating a new user, or doing a system backup…)
• Access control lists for files
24. Protection and Security
CS-502 Fall 2007 24
…and good management, too!
• What do we need to know to set up a new
user or to change their rights?
• …to set up a new resource or to change the
rights of its users?
• …Who has the right to set/change access
rights?
• No OS allows you to implement all the
possible policies easily.
25. Protection and Security
CS-502 Fall 2007 25
Enforcing Access Control
• User level privileges must always be less than OS
privileges!
– For example, a user should not be allowed to grab
exclusive control of a critical device
– or write to OS memory space
• …and the user cannot be allowed to raise his
privilege level!
• The OS must enforce it…and the user must not be
able to bypass the controls
• In most modern operating systems, the code which
manages the resource enforces the policy
26. Protection and Security
CS-502 Fall 2007 26
(Traditional) Requirements–System Call Code
• No user can interrupt it while it is running
• No user can feed it data to make it
– violate access control policies
– stop serving other users
• No user can replace or alter any system call
code
• No user can add functionality to the OS!
• Data must NEVER be treated as code!
27. Protection and Security
CS-502 Fall 2007 27
“Yeah, but …”
• No user can interrupt it while it is running
• Windows, Linux routinely interrupt system calls
• No user can feed it data to make it
• violate access control policies
• stop serving other users
• No user can replace or alter any system call code
• Except your average virus
• No user can add functionality to the OS!
• Except dynamically loaded device drivers
• Data must NEVER be treated as code!
• “One man’s code is another man’s data” A. Perlis
28. Protection and Security
CS-502 Fall 2007 28
Saltzer-Schroeder Guidelines
• System design should be public
• Default should be no access
• Check current authority – no caching!
• Protection mechanism should be
– Simple, uniform, built into lowest layers of system
• Least privilege possible for processes
• Psychologically acceptable
• KISS!